I'd question the "old school" policy you described. I learned firewall policy 15+ years ago, which I think qualifies as "old school", and the rule then was default-deny: anything without an explicit allow rule is blocked. What you describe as old-school sounds to me like the relatively recent policy...

[ more ]